From 02d3448f4f792964995b8071fa07176606e1af85 Mon Sep 17 00:00:00 2001
From: Michael Paquier <michael@paquier.xyz>
Date: Mon, 16 Jan 2023 13:58:07 +0900
Subject: [PATCH] Store IdentLine->pg_user as an AuthToken

While system_user was stored as an AuthToken in IdentLine, pg_user was
stored as a plain string.  This commit changes the code as we start
storing pg_user as an AuthToken too.

This does not have any functional changes, as all the operations on
pg_user only use the string from the AuthToken.  There is no regexp
compiled and no check based on its quoting, yet.  This is in preparation
of more features that intend to extend its capabilities, like support
for regexps and group membership.

Author: Jelte Fennema
Discussion: https://postgr.es/m/CAGECzQRNow4MwkBjgPxywXdJU_K3a9+Pm78JB7De3yQwwkTDew@mail.gmail.com
---
 src/backend/libpq/hba.c          | 20 +++++++++++---------
 src/backend/utils/adt/hbafuncs.c |  2 +-
 src/include/libpq/hba.h          |  2 +-
 3 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
index 154b2857d2..029b8e4483 100644
--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -2800,7 +2800,7 @@ parse_ident_line(TokenizedAuthLine *tok_line, int elevel)
 	tokens = lfirst(field);
 	IDENT_MULTI_VALUE(tokens);
 	token = linitial(tokens);
-	parsedline->pg_user = pstrdup(token->string);
+	parsedline->pg_user = copy_auth_token(token);
 
 	/*
 	 * Now that the field validation is done, compile a regex from the user
@@ -2865,7 +2865,7 @@ check_ident_usermap(IdentLine *identLine, const char *usermap_name,
 			return;
 		}
 
-		if ((ofs = strstr(identLine->pg_user, "\\1")) != NULL)
+		if ((ofs = strstr(identLine->pg_user->string, "\\1")) != NULL)
 		{
 			int			offset;
 
@@ -2875,7 +2875,7 @@ check_ident_usermap(IdentLine *identLine, const char *usermap_name,
 				ereport(LOG,
 						(errcode(ERRCODE_INVALID_REGULAR_EXPRESSION),
 						 errmsg("regular expression \"%s\" has no subexpressions as requested by backreference in \"%s\"",
-								identLine->system_user->string + 1, identLine->pg_user)));
+								identLine->system_user->string + 1, identLine->pg_user->string)));
 				*error_p = true;
 				return;
 			}
@@ -2884,9 +2884,9 @@ check_ident_usermap(IdentLine *identLine, const char *usermap_name,
 			 * length: original length minus length of \1 plus length of match
 			 * plus null terminator
 			 */
-			expanded_pg_user = palloc0(strlen(identLine->pg_user) - 2 + (matches[1].rm_eo - matches[1].rm_so) + 1);
-			offset = ofs - identLine->pg_user;
-			memcpy(expanded_pg_user, identLine->pg_user, offset);
+			expanded_pg_user = palloc0(strlen(identLine->pg_user->string) - 2 + (matches[1].rm_eo - matches[1].rm_so) + 1);
+			offset = ofs - identLine->pg_user->string;
+			memcpy(expanded_pg_user, identLine->pg_user->string, offset);
 			memcpy(expanded_pg_user + offset,
 				   system_user + matches[1].rm_so,
 				   matches[1].rm_eo - matches[1].rm_so);
@@ -2895,7 +2895,7 @@ check_ident_usermap(IdentLine *identLine, const char *usermap_name,
 		else
 		{
 			/* no substitution, so copy the match */
-			expanded_pg_user = pstrdup(identLine->pg_user);
+			expanded_pg_user = pstrdup(identLine->pg_user->string);
 		}
 
 		/*
@@ -2921,13 +2921,13 @@ check_ident_usermap(IdentLine *identLine, const char *usermap_name,
 		/* Not regular expression, so make complete match */
 		if (case_insensitive)
 		{
-			if (pg_strcasecmp(identLine->pg_user, pg_user) == 0 &&
+			if (pg_strcasecmp(identLine->pg_user->string, pg_user) == 0 &&
 				pg_strcasecmp(identLine->system_user->string, system_user) == 0)
 				*found_p = true;
 		}
 		else
 		{
-			if (strcmp(identLine->pg_user, pg_user) == 0 &&
+			if (strcmp(identLine->pg_user->string, pg_user) == 0 &&
 				strcmp(identLine->system_user->string, system_user) == 0)
 				*found_p = true;
 		}
@@ -3074,6 +3074,7 @@ load_ident(void)
 		{
 			newline = (IdentLine *) lfirst(parsed_line_cell);
 			free_auth_token(newline->system_user);
+			free_auth_token(newline->pg_user);
 		}
 		MemoryContextDelete(ident_context);
 		return false;
@@ -3086,6 +3087,7 @@ load_ident(void)
 		{
 			newline = (IdentLine *) lfirst(parsed_line_cell);
 			free_auth_token(newline->system_user);
+			free_auth_token(newline->pg_user);
 		}
 	}
 	if (parsed_ident_context != NULL)
diff --git a/src/backend/utils/adt/hbafuncs.c b/src/backend/utils/adt/hbafuncs.c
index 8a552ef8e9..73d3ad1dad 100644
--- a/src/backend/utils/adt/hbafuncs.c
+++ b/src/backend/utils/adt/hbafuncs.c
@@ -493,7 +493,7 @@ fill_ident_line(Tuplestorestate *tuple_store, TupleDesc tupdesc,
 	{
 		values[index++] = CStringGetTextDatum(ident->usermap);
 		values[index++] = CStringGetTextDatum(ident->system_user->string);
-		values[index++] = CStringGetTextDatum(ident->pg_user);
+		values[index++] = CStringGetTextDatum(ident->pg_user->string);
 	}
 	else
 	{
diff --git a/src/include/libpq/hba.h b/src/include/libpq/hba.h
index ed4d5e7962..189f6d0df2 100644
--- a/src/include/libpq/hba.h
+++ b/src/include/libpq/hba.h
@@ -143,7 +143,7 @@ typedef struct IdentLine
 
 	char	   *usermap;
 	AuthToken  *system_user;
-	char	   *pg_user;
+	AuthToken  *pg_user;
 } IdentLine;
 
 /*
-- 
2.39.5